Thank you Alexander and Anthony for the explanation. I am sorry for missing the signature checks for the apache geode src. :( Was able to build and run geode-native code.
Regards
Nabarun Nag

On Mon, Dec 3, 2018 at 9:52 AM Dan Smith <dsm...@pivotal.io> wrote:

> I see a few things with the artifacts that I think should be tweaked
> 1. No pgp signature for the sources!
> 2. No zip file for the geode, just .tgz. Older releases on our website have
> both zip and tgz. See the differences between [1] and [2]
> 3. pgp signature for the native source is not ascii armored. See [3]
>
> Regarding SHA512 vs SHA256 - we should probably just move everything to
> SHA512 in the future.
>
> [1] https://dist.apache.org/repos/dist/dev/geode/1.8.0.RC1/
> [2] https://www.apache.org/dist/geode/1.7.0/
> [3] https://www.apache.org/dev/release-signing.html#signing-basics
>
> On Mon, Dec 3, 2018 at 9:24 AM Alexander Murmann <amurm...@pivotal.io> wrote:
>
> > Thanks for taking such a detailed look, Nabarun! That's awesome input.
> >
> > > 1. Is there a reason why geode-native is signed with SHA512 while all the
> > > rest are signed with SHA256?
> >
> > Not really. I used the defaults provided by the Gradle signing task in the
> > case of the core codebase and the GPG tool's default when signing the
> > native code. I noticed that GPG's default was larger, but figured more bits
> > are better bits and come at pretty much no additional cost. If this is
> > confusing, I am happy to sign with a smaller hash or at least add
> > documentation for doing so more consistently in the next release.
> > Any opinions on how to proceed with this?
> >
> > > 2. Are there any directions / documentation on how to verify the
> > > geode-native release components?
> >
> > I unpacked the release and followed the instructions in building.md.
> > Someone who has contributed more to the Native code base might have much
> > better steps in mind. Please chime in!
> >
> > On Mon, Dec 3, 2018 at 8:45 AM Nabarun Nag <n...@apache.org> wrote:
> >
> > > Following checks completed:
> > > - checked signatures
> > > - checked SHA's
> > > - builds from source [geode]
> > > - run gfsh - start locator, server - create region - do put and get -
> > > execute OQL query
> > > - examples run cleanly [geode-examples]
> > > - the correct version in gfsh command version
> > >
> > > Questions:
> > > 1. Is there a reason why geode-native is signed with SHA512 while all the
> > > rest are signed with SHA256?
> > > 2. Are there any directions / documentation on how to verify the
> > > geode-native release components?
> > >
> > > File Differences:
> > > 1. Files KEYS and gradlew.bat are present in the github repo for
> > > rel/v1.8.0.RC1 but not present in the source release apache-geode-1.8.0-src
> > > 2. gradlew file differs in the rel/v1.8.0.RC1 repo and the source release
> > > apache-geode-1.8.0-src.
> > >
> > > Apologies if these changes are expected.
> > >
> > > Regards
> > > Nabarun Nag
> > >
> > > On Fri, Nov 30, 2018 at 5:38 PM Alexander Murmann <amurm...@pivotal.io> wrote:
> > >
> > > > Hi everyone,
> > > >
> > > > Per above discussion the release now contains Geode Native.
> > > > Here is the updated release information:
> > > >
> > > > Apache Geode:
> > > > https://github.com/apache/geode/tree/rel/v1.8.0.RC1
> > > > Apache Geode examples:
> > > > https://github.com/apache/geode-examples/tree/rel/v1.8.0.RC1
> > > > Apache Geode Native:
> > > > https://github.com/apache/geode-native/tree/rel/v1.8.0.RC1
> > > >
> > > > Commit IDs:
> > > > Apache Geode: 671671b5e81acde2684df3331aedf176cc927e6e
> > > > Apache Geode Examples: aee3794f1302ffab51b4ca5d02657598420b7a00
> > > > Apache Geode Native: 32d71d13087b5c1a36417693cf8da9a8819edbdf
> > > >
> > > > Source and binary files:
> > > > https://dist.apache.org/repos/dist/dev/geode/1.8.0.RC1/
> > > >
> > > > Maven staging repo:
> > > > https://repository.apache.org/content/repositories/orgapachegeode-1048
> > > >
> > > > Geode's KEYS file containing PGP keys we use to sign the release:
> > > > https://github.com/apache/geode/blob/develop/KEYS
> > > >
> > > > Signed the release with fingerprint:
> > > > rsa4096 2018-09-01 [SC]
> > > > D5C5C950D61898EDE8928820D6048392BDFB7797
> > > >
> > > > On Fri, Nov 30, 2018 at 9:44 AM Anthony Baker <aba...@pivotal.io> wrote:
> > > >
> > > > > Because this is confusing, let me clarify our current approach again:
> > > > >
> > > > > When we do a release of the Geode Project, it will include all the
> > > > > constituent pieces we deem appropriate regardless of the repo the source
> > > > > comes from. Currently this includes:
> > > > >
> > > > > - geode
> > > > > - geode-examples
> > > > > - geode-native
> > > > >
> > > > > Perhaps in the future, we would include geode-benchmarks.
> > > > >
> > > > > In order to create a distinct release with a separate lifecycle we would
> > > > > need to spawn a subproject with a separate PMC and a viable community.
> > > > >
> > > > > @Alexander, I don’t think you need to issue a new release candidate.
> > > > > Just add the geode-native source distribution and update the VOTE email.
> > > > >
> > > > > Anthony
> > > > >
> > > > > > On Nov 30, 2018, at 8:08 AM, Alexander Murmann <amurm...@pivotal.io> wrote:
> > > > > >
> > > > > > Sorry, I was unaware that we were planning on releasing geode-native as
> > > > > > part of the same release and not as a separate release that goes out at a
> > > > > > similar time.
> > > > > >
> > > > > > I am happy to work on a new candidate that includes geode-native.
> > > > > >
> > > > > > On Fri, Nov 30, 2018 at 6:39 AM Anthony Baker <aba...@pivotal.io> wrote:
> > > > > >
> > > > > >> Is there a reason the geode-native repo was not included in the release?
> > > > > >>
> > > > > >> Anthony
> > > > > >>
> > > > > >>> On Nov 29, 2018, at 11:15 PM, Alexander Murmann <amurm...@pivotal.io> wrote:
> > > > > >>>
> > > > > >>> Hello Geode dev community!
> > > > > >>>
> > > > > >>> I am happy to announce the first release candidate for Apache Geode 1.8.0!
> > > > > >>> Thanks to all the community members for their contributions to this
> > > > > >>> release!
> > > > > >>>
> > > > > >>> Please review and give your feedback! The deadline is the end of day Dec.
> > > > > >>> 4th 2018.
> > > > > >>>
> > > > > >>> It resolves 162 issues on Apache Geode JIRA system.
> > > > > >>> Release notes can be found at:
> > > > > >>> https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-1.8.0
> > > > > >>>
> > > > > >>> Please note that we are voting upon the source tags: rel/v1.8.0.RC1
> > > > > >>> Apache Geode:
> > > > > >>> https://github.com/apache/geode/tree/rel/v1.8.0.RC1
> > > > > >>> Apache Geode examples:
> > > > > >>> https://github.com/apache/geode-examples/tree/rel/v1.8.0.RC1
> > > > > >>>
> > > > > >>> Commit IDs:
> > > > > >>> Apache Geode: 671671b5e81acde2684df3331aedf176cc927e6e
> > > > > >>> Apache Geode Examples: aee3794f1302ffab51b4ca5d02657598420b7a00
> > > > > >>>
> > > > > >>> Source and binary files:
> > > > > >>> https://dist.apache.org/repos/dist/dev/geode/1.8.0.RC1/
> > > > > >>>
> > > > > >>> Maven staging repo:
> > > > > >>> https://repository.apache.org/content/repositories/orgapachegeode-1048
> > > > > >>>
> > > > > >>> Geode's KEYS file containing PGP keys we use to sign the release:
> > > > > >>> https://github.com/apache/geode/blob/develop/KEYS
> > > > > >>>
> > > > > >>> Signed the release with fingerprint:
> > > > > >>> rsa4096 2018-09-01 [SC]
> > > > > >>> D5C5C950D61898EDE8928820D6048392BDFB7797
> > > > > >>>
> > > > > >>> PS: Command to run geode-examples:
> > > > > >>> ./gradlew -PgeodeReleaseUrl=https://dist.apache.org/repos/dist/dev/geode/1.8.0.RC1 -PgeodeRepositoryUrl=https://repository.apache.org/content/repositories/orgapachegeode-1048 build runAll
> > > > > >>>
> > > > > >>> Thank you!
> > > > > >>> Alexander
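
The artifact gaps raised in this thread (a source archive with no PGP signature, a signature that is not ASCII armored, SHA256 versus SHA512 checksums) can be caught mechanically before a vote. The script below is an added example, not part of the thread or of Geode's release tooling; the sidecar naming, the finding labels and the sample file names are assumptions. It does not replace `gpg --verify` against the keys in the project's KEYS file.

```bash
# Added example, not from the thread. Assumes GNU coreutils and sidecars named
# <artifact>.asc plus <artifact>.sha512 or .sha256 (hex digest as first field).
# True when the signature is ASCII armored rather than a binary OpenPGP packet.
is_armored() {
  head -c 29 "$1" | grep -qxF -e '-----BEGIN PGP SIGNATURE-----'
}

# Prints 512 or 256 when that sidecar matches; status 1 = mismatch, 2 = no sidecar.
check_digest() {
  local f=$1 bits want got
  for bits in 512 256; do
    [ -f "$f.sha$bits" ] || continue
    want=$(awk 'NR==1 {print tolower($1)}' "$f.sha$bits")
    got=$("sha${bits}sum" "$f" | awk '{print $1}')
    [ "$want" = "$got" ] || return 1
    echo "$bits"; return 0
  done
  return 2
}

# One finding per line; returns 1 if any artifact lacks a usable signature or digest.
audit_release() {
  local dir=$1 f name bits bad=0
  for f in "$dir"/*.tgz "$dir"/*.tar.gz "$dir"/*.zip; do
    [ -f "$f" ] || continue
    name=${f##*/}
    if [ ! -f "$f.asc" ]; then echo "NO-SIGNATURE $name"; bad=1
    elif ! is_armored "$f.asc"; then echo "SIG-NOT-ARMORED $name"; bad=1
    fi
    if bits=$(check_digest "$f"); then
      [ "$bits" = 512 ] || echo "NOTE-SHA$bits-ONLY $name"
    else echo "DIGEST-MISSING-OR-WRONG $name"; bad=1
    fi
  done
  return "$bad"
}

# Constructed sample directory (file names are hypothetical) with the gaps above.
make_sample() {
  local d f; d=$(mktemp -d)
  printf 'core' > "$d/example-src.tgz"                       # left unsigned
  printf 'native' > "$d/example-native-src.tgz"
  printf '\211\002binary' > "$d/example-native-src.tgz.asc"  # binary signature
  printf 'bin' > "$d/example.tgz"
  printf -- '-----BEGIN PGP SIGNATURE-----\n(constructed)\n' > "$d/example.tgz.asc"
  for f in "$d"/*.tgz; do sha256sum "$f" | awk '{print $1}' > "$f.sha256"; done
  echo "$d"
}
sample=$(make_sample); audit_release "$sample" || true; rm -rf "$sample"
```

Point `audit_release` at a local checkout of the staged release directory; a clean run only shows that every archive has an armored signature file and a matching digest, not that the signature is valid.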